> > On 26.05.2011 12:31, Mickey Lane wrote: > > Hi, > > > > I want an AFS client (Windows or Linux) to get kerberos credentials > from a Windows Server and use them to access AFS servers on a Linux > machine. The Linux machine does not have a KDC. > > > > Although I haven't personally tried it, I'm under the impression this > works without too many AD configuration issues with Server 2003. > > I'm also under the impression it works with Server 2008 R2 once DES > is enabled. > > > > I currently have 2008 Standard (not R2) configured to provide tickets > and I've moved the keytab to the Linux machine, etc. The process > *appears* to work but the credentials are invalid. Kvno numbers are > correct. I think the problem is improper encryption types. > > > > I'm aware of a Microsoft update to 64-bit Server 2008 that is related > to password corruption in this process. > > > > My question: Has anyone ever made this work on Server 2008 Standard > (not R2)? > Lars Schimmer wrote:
> I know it works on Win 20008 Standard, but I do run 2008R2 for AD > services including krb5 auth for users on linux clients. > My selfnotes are here to be read: > http://129.27.218.77/afs/howto.afs.ad.2008.txt > I have seen this document. It mentions "Server 2003 SP2" in the first few lines so I didn't pay much attention to it as I was/am interested in Server 2008 (not-R2). Under the section for 2008 R2, the instruction to add a registry value KdcUseRequestedEtypesForTicket definitely helped with the encryption types on Server 2008 (not-R2). Now I appear to have kvno issues again. On both Linux and Windows clients: C:\OpenAFS>kvno host/server64.mickeylane.com host/[email protected]: kvno = 4 I use Network Identity Manager (NIM) to get credentials on a Windows 7 client. The property page for afs/[email protected] shows kvno #5. The page for krbtgt/[email protected] shows kvno #2. Mickey. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
